# DigitalOcean project grouping the resources created by this configuration.
# Only the web droplet is attached (by URN); the volume is a data source looked
# up by name and is not made a project member here.
resource "digitalocean_project" "ghost-terraform" {
  name        = "ghost-terraform"
  purpose     = "Web Application"
  environment = "Production"
  description = "A Ghost blog with Commento, using Terraform and docker-compose"

  # Project membership is expressed with URNs, not plain ids.
  resources = [digitalocean_droplet.web.urn]
}
# SSH public key already registered in the DigitalOcean account, found by name.
# The key is not created by this configuration; the plan errors if no key with
# var.digitalocean_key_name exists. Its id is placed in the droplet's ssh_keys.
data "digitalocean_ssh_key" "default" {
  name = var.digitalocean_key_name
}
# Pre-existing block-storage volume, located by name in the droplet's region.
# The volume itself is managed outside this configuration; only its attachment
# to the droplet is created here.
data "digitalocean_volume" "block-volume" {
  region = var.digitalocean_droplet_region
  name   = var.digitalocean_volume_name
}
# The single web droplet. Everything the host needs at first boot is rendered
# from cloud-init/web-cloud-init.yaml and handed over as user_data.
resource "digitalocean_droplet" "web" {
  image  = var.digitalocean_droplet_image
  name   = "terraforming-ghost-droplet"
  region = var.digitalocean_droplet_region
  size   = var.digitalocean_droplet_size

  # Public key registered in the account under var.digitalocean_key_name.
  ssh_keys = [
    data.digitalocean_ssh_key.default.id
  ]

  # NOTE(review): several template inputs are secrets (mysql_password,
  # postgres_password, cloudflare_api_key, cloudflare_tunnel_secret). The
  # rendered document is stored in Terraform state, is shown in plan output
  # unless the variables are declared sensitive, and DigitalOcean exposes
  # user_data to the instance through its metadata service, so it is readable
  # from within the droplet. Keep state in an access-controlled backend and treat
  # the rendered cloud-init as sensitive; fetching secrets from a store at boot
  # would avoid embedding them here. Changing user_data also likely replaces the
  # droplet — TODO confirm against the provider version in use.
  user_data = templatefile("${path.module}/cloud-init/web-cloud-init.yaml", {
    # "$${PWD}" is an escape: the template receives the literal text "${PWD}"
    # for the shell on the droplet to expand, not a Terraform interpolation.
    "PWD" = "$${PWD}",
    "certbot_email" = var.certbot_email
    "mysql_user" = var.mysql_user
    "mysql_password" = var.mysql_password
    "postgres_user" = var.postgres_user
    "postgres_password" = var.postgres_password
    "ghost_blog_dns" = var.ghost_blog_dns
    "commento_dns" = var.commento_dns
    "static_dns" = var.static_dns
    "cloudflare_email" = var.cloudflare_email
    "cloudflare_api_key" = var.cloudflare_api_key
    "cloudflare_domain" = var.cloudflare_domain
    # Name only; the attachment is a separate resource and the mount is
    # presumably done by cloud-init on the host.
    "digitalocean_volume_name" = var.digitalocean_volume_name
    "fqdn" = local.cloudflare_fqdn
    # Tunnel credentials and the short-lived-certificate CA for SSH through
    # Cloudflare Access; the tunnel and CA resources live outside this file.
    "cloudflare_tunnel_id" = cloudflare_tunnel.ssh_browser.id
    "cloudflare_tunnel_name" = cloudflare_tunnel.ssh_browser.name
    "cloudflare_tunnel_secret" = cloudflare_tunnel.ssh_browser.secret
    "trusted_pub_key" = cloudflare_access_ca_certificate.ssh_short_lived.public_key
    "user" = local.user_from_mail
    "account_id" = var.cloudflare_account_id
  })

  # Connection settings for remote provisioners. NOTE(review): no provisioner is
  # declared in this resource, so this block appears unused. If one is added,
  # the firewall in this file only admits port 22 from Cloudflare's published
  # ranges, so a direct SSH from the machine running Terraform would be blocked
  # unless its traffic arrives through Cloudflare — verify before relying on it.
  connection {
    user        = "root"
    type        = "ssh"
    host        = self.ipv4_address
    # Read from the operator's filesystem at apply time; the path is a variable,
    # the key material is never written to this configuration.
    private_key = file(var.digitalocean_priv_key_path)
    timeout     = "10m"
  }
}
# Attaches the pre-existing volume to the web droplet. Only the attachment is
# managed here; cloud-init receives the volume name and presumably handles the
# mount on the host.
resource "digitalocean_volume_attachment" "vol-attachment" {
  volume_id  = data.digitalocean_volume.block-volume.id
  droplet_id = digitalocean_droplet.web.id
}
# Re-reads the droplet created above by its hard-coded name (kept in sync with
# digitalocean_droplet.web by hand). As far as this file shows, everything it
# exposes is also available on the resource directly, so the lookup is only
# useful if something elsewhere references data.digitalocean_droplet.web; the
# depends_on just orders the read after the droplet exists.
data "digitalocean_droplet" "web" {
  depends_on = [digitalocean_droplet.web]
  name       = "terraforming-ghost-droplet"
}
# Cloudflare's published edge IP ranges (cidr_blocks holds both IPv4 and IPv6).
# The firewall uses them so that inbound HTTPS and SSH are accepted only from
# traffic that has passed through Cloudflare.
data "cloudflare_ip_ranges" "cloudflare" {
}
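# Cloud firewall for the web droplet. DigitalOcean cloud firewalls are
# default-deny: in each direction only the rules listed below are permitted.
resource "digitalocean_firewall" "web" {
  name        = "terraform-ghost-fw"
  droplet_ids = [digitalocean_droplet.web.id]

  # HTTPS only from Cloudflare's published edge ranges, so the origin cannot be
  # reached directly by IP address, which would bypass Cloudflare's filtering.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "443"
    source_addresses = data.cloudflare_ip_ranges.cloudflare.cidr_blocks
  }

  # SSH likewise restricted to Cloudflare ranges. NOTE(review): the droplet is
  # also configured with a cloudflare_tunnel, which connects outbound and needs
  # no inbound port; if SSH is only reached through the tunnel this rule can be
  # dropped — confirm before removing it.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "22"
    source_addresses = data.cloudflare_ip_ranges.cloudflare.cidr_blocks
  }

  # ICMP from anywhere (ping, path-MTU discovery). ICMP has no ports, so no
  # port_range is given.
  inbound_rule {
    protocol         = "icmp"
    source_addresses = ["0.0.0.0/0", "::/0"]
  }

  # Unrestricted TCP/UDP egress. Whatever the host fetches at boot (presumably
  # packages, container images, certificates) and the tunnel's outbound
  # connection depend on this; tightening it requires an inventory of those
  # destinations first.
  outbound_rule {
    protocol              = "tcp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }

  outbound_rule {
    protocol              = "udp"
    port_range            = "1-65535"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }

  # Fix: the original outbound ICMP rule carried port_range = "1-65535", which
  # is meaningless for ICMP and inconsistent with the inbound ICMP rule above;
  # the provider either ignores or rejects ports on icmp rules, so it is dropped.
  outbound_rule {
    protocol              = "icmp"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
}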